“On August 6, 2013 the White House posted its preliminary list of incentives encouraging the adoption of cybersecurity best practices. The [federal government’s] draft framework of incentives is not due until October of this year, when it will be published for public comment. A final version is expected for February of 2014. The August 6th post serves as an interim step, which allows the private sector an opportunity to think about the recommendations and provide feedback.”

“As technology becomes ever more complex, the scope and scale of cyber-risks is increasing at an unprecedented rate. Because responsibility to manage cyber-risks rests with each organisation, it needs to be high on each board’s agenda. It’s clear that this is no longer just an issue for the IT department.”

“Recently, in A Call to Arms for Banks, the Wall Street Journal described the intensifying push by regulators for Financial Services firms to better protect themselves and the financial system against cyberattacks. […] Any financial institution that does not include cybersecurity among its enterprise risk programs exposes itself to potentially significant compliance, regulatory, and litigation risk.”

“[T]he U.S. Food and Drug Administration (FDA) issued its Draft Guidance for the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. Recognizing the increasing need for effective cybersecurity, given the proliferation of wireless, Internet- and network-connected medical devices, as well as the increasing electronic exchange of medical device-derived health information, the draft guidance articulates FDA expectations on cybersecurity measures all manufacturers of software-containing medical devices should consider in preparing virtually any type of medical device premarket submission.”

“In light of the recent high profile disclosures of cyber surveillance, there is increased political momentum in the U.S. and EU to control the export of particular cyber technology products and services. In the EU, the focus is on electronic surveillance equipment, and in the U.S., the concern is the proliferation of cyber weapons.”

“Texas recently amended its data breach notification law, to clarify that if a data subject is a resident of a state other than Texas that has its own breach notification law, a company that does business in Texas can notify that data subject either pursuant to Texas law or pursuant to the law of the state of residence. In other words, according to Texas, Texas companies do not have to become familiar with the breach notification laws of other states.”

“With the advent of new rules regulating the protection of personal data, companies with operations in Colombia must implement policies and practices to comply with Colombia’s privacy law. In October 2012, Colombia enacted Law 1581 to regulate the protection of personal data and safeguard the constitutional right of privacy in the midst of the challenges posed by globalization and new technologies that enable the easy electronic transfer of personal data.”

“In 2011, Costa Rica enacted a data protection act which has now entered into force. Because this legislation is similar in content to the European rules, it is expected that Costa Rica will endeavour to be determined as having an adequate standard of data protection by the European Commission. The act introduces the concept of consent to data processing and grants specific rights to the data subjects if their data are published. Data breaches must be reported within five days of becoming aware of them.”

“Because pop-up stores are intended to be temporary, installation of technology infrastructure to support credit card sales is impractical and is often ignored. Speed and simplicity are at the heart of the pop-up strategy. A word of warning, however: cutting corners for rapid and low-cost deployment of pop-up stores is fraught with data security risks. Even a single pop-up location can create data loss significant enough to negatively impact brand and cause a retailer to spend bottom line dollars on forensics, investigation and data breach notifications.”

“The [California] report shows that 131 … data breaches were reported in 2012, which involved the potential exposure of personal information of 2.5 million Californians. More than half of these breaches (56 percent) involved Social Security numbers, which pose the greatest risk of the most serious types of identity theft. More than half of the breaches (55 percent) were the result of intentional intrusions by outsiders or by unauthorized insiders. The other 45 percent were largely the result of failures to adopt or carry out appropriate security measures.”

“The recently published Willis Fortune 500 Cyber Disclosure Report, 2013, analyzes cybersecurity disclosure by Fortune 500 public companies. The Report found that as of April 2013, 85% of Fortune 500 companies are following the SEC guidance and are providing some level of disclosure regarding cyber exposures. Interestingly though, only 36% of Fortune 500 companies disclosed that such risk was ‘material’, ‘serious’ or used a similar term, and only 2% of the companies used a stronger term, such as ‘critical’.”

“Despite the significant risks posed by cyber-attack, just more than half of the Fortune 500 companies admitted to having protective technical solutions in place, and 15% also indicated they do not have the resources to protect themselves against critical attacks, the report said. This, even though directors of publicly traded companies could face liability for not properly protecting companies from cyber-attack. What does this mean for privately held businesses? Cyber-attacks are a real danger that could cause significant monetary and reputational damage to a company.”

“The constant threat of cyberattacks presents many and varying challenges for businesses. Insurance provides one way to deal with them. Because the market for insurance covering these risks and the law interpreting these policies both continue to develop, this is an area in which attorneys can help clients by maximizing their opportunity to secure the broadest possible coverage.”